{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T18:41:10Z","timestamp":1743100870495,"version":"3.40.3"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319170152"},{"type":"electronic","value":"9783319170169"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-17016-9_11","type":"book-chapter","created":{"date-parts":[[2015,3,29]],"date-time":"2015-03-29T00:52:41Z","timestamp":1427590361000},"page":"167-182","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Environment\u2013Reactive Malware Behavior: Detection and Categorization"],"prefix":"10.1007","author":[{"given":"Smita","family":"Naval","sequence":"first","affiliation":[]},{"given":"Vijay","family":"Laxmi","sequence":"additional","affiliation":[]},{"given":"Manoj S.","family":"Gaur","sequence":"additional","affiliation":[]},{"given":"Sachin","family":"Raja","sequence":"additional","affiliation":[]},{"given":"Muttukrishnan","family":"Rajarajan","sequence":"additional","affiliation":[]},{"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,3,28]]},"reference":[{"issue":"4","key":"11_CR1","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/s11416-011-0152-x","volume":"7","author":"B Anderson","year":"2011","unstructured":"Anderson, B., Quist, D., Neil, J., Storlie, C., Lane, T.: Graph-based malware detection using dynamic analysis. J. Comput. Virol. 7(4), 247\u2013258 (2011)","journal-title":"J. Comput. Virol."},{"key":"11_CR2","unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Kirda, E., Kruegel, C., Vigna, G.: Efficient detection of split personalities in malware. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, San Diego, California, USA, pp. 1\u201316 (2010)"},{"key":"11_CR3","unstructured":"Bethencourt, J., Song, D., Waters, B.: Analysis-resistant malware. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, San Diego, California, USA, pp. 1\u201313 (2008)"},{"key":"11_CR4","series-title":"Advances in Information Security","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-0-387-68768-1_4","volume-title":"Botnet Detection","author":"D Brumley","year":"2008","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Detection. Advances in Information Security, vol. 36, pp. 65\u201388. Springer, New York (2008)"},{"key":"11_CR5","unstructured":"Chen, X., Andersen, J., Mao, Z., Bailey, M., Nazario, J.: Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: Dependable Systems and Networks With FTCS and DCC, DSN, pp. 177\u2013186, June 2008"},{"key":"11_CR6","unstructured":"Chester, D.L.: Why two hidden layers are better than one. In: Proceedings of the International Joint Conference on Neural Networks, IJCNN 1990, Washington, DC (1990)"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: Malware analysis via hardware virtualization extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 51\u201362. ACM, New York (2008)","DOI":"10.1145\/1455770.1455779"},{"issue":"5","key":"11_CR8","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1016\/0893-6080(89)90020-8","volume":"2","author":"K Hornik","year":"1989","unstructured":"Hornik, K., Stinchcombe, M., White, H.: Multilayer feedforward networks are universal approximators. Neural Netw. 2(5), 359\u2013366 (1989)","journal-title":"Neural Netw."},{"key":"11_CR9","unstructured":"J00ru: Windows win32k.sys system call table, April 2014"},{"key":"11_CR10","unstructured":"Jacob, G., Hund, R., Kruegel, C., Holz, T.: Jackstraws: picking command and control connections from bot traffic. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, pp. 29\u201348. USENIX Association, Berkeley (2011)"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Yin, H., Hanna, S., McCamant, S., Song, D.: Emulating emulation-resistant malware. In: Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec 2009. ACM, New York, pp. 11\u201322 (2009)","DOI":"10.1145\/1655148.1655151"},{"key":"11_CR12","unstructured":"Kevin, L., Bryce, D., David, G., Volker, R., Christophe, B.: Bochs user manual (2010)"},{"key":"11_CR13","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM 2009, pp. 351\u2013366. USENIX Association (2009)"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1007\/978-3-642-23644-0_18","volume-title":"Recent Advances in Intrusion Detection","author":"M Lindorfer","year":"2011","unstructured":"Lindorfer, M., Kolbitsch, C., Milani Comparetti, P.: Detecting environment-sensitive malware. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 338\u2013357. Springer, Heidelberg (2011)"},{"key":"11_CR15","unstructured":"Mark, R., David A, s., Alex, L.: Windows internal part 2"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP 2007, Washington, DC, pp. 231\u2013245 (2007)","DOI":"10.1109\/SP.2007.17"},{"issue":"1","key":"11_CR17","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1016\/j.patcog.2006.04.041","volume":"40","author":"G Ou","year":"2007","unstructured":"Ou, G., Murphey, Y.L.: Multi-class pattern classification using neural networks. Pattern Recogn. 40(1), 4\u201318 (2007)","journal-title":"Pattern Recogn."},{"key":"11_CR18","doi-asserted-by":"publisher","first-page":"419","DOI":"10.1016\/j.cose.2013.09.006","volume":"39","author":"Y Park","year":"2013","unstructured":"Park, Y., Reeves, D.S., Stamp, M.: Deriving common malware behavior through graph clustering. Comput. Secur. 39, 419\u2013430 (2013)","journal-title":"Comput. Secur."},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"P\u00e9k, G., Bencs\u00e1th, B., Butty\u00e1n, L.: nEther: in-guest detection of out-of-the-guest malware analyzers. In: Proceedings of the Fourth European Workshop on System Security, EUROSEC 2011, pp. 3:1\u20133:6. ACM, New York (2011)","DOI":"10.1145\/1972551.1972554"},{"issue":"2","key":"11_CR20","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/s11416-010-0142-4","volume":"7","author":"D Quist","year":"2011","unstructured":"Quist, D., Liebrock, L., Neil, J.: Improving antivirus accuracy with hypervisor assisted analysis. J. Comput. Virol. 7(2), 121\u2013131 (2011)","journal-title":"J. Comput. Virol."},{"key":"11_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"K Rieck","year":"2008","unstructured":"Rieck, K., Holz, T., Willems, C., D\u00fcssel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108\u2013125. Springer, Heidelberg (2008)"},{"key":"11_CR22","unstructured":"Rutkowska, J.: Red pill... or how to detect vmm using (almost) one cpu instruction"},{"key":"11_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"421","DOI":"10.1007\/978-3-540-87403-4_36","volume-title":"Recent Advances in Intrusion Detection","author":"A Srivastava","year":"2008","unstructured":"Srivastava, A., Lanzi, A., Giffin, J.T.: System call API obfuscation (extended abstract). In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 421\u2013422. Springer, Heidelberg (2008)"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Sun, M.K., Lin, M.J., Chang, M., Laih, C.S., Lin, H.T.: Malware virtualization-resistant behavior detection. In: Proceedings of the 17th International Conference on Parallel and Distributed Systems (IEEE), ICPADS 2011, Washington, DC, USA, pp. 912\u2013917 (2011)","DOI":"10.1109\/ICPADS.2011.78"},{"key":"11_CR25","unstructured":"Vinod, P., Laxmi, V., Gaur, M.S.: REFORM: relevant feature for malware analysis. In: Proceedings of Sixth IEEE International Conference of Security and Multimodality in Pervasive Environment (SMPE 2012), pp. 26\u201329. Fukuoka Institute of technology (FIT), Fukuoka, Japan (2012)"}],"container-title":["Lecture Notes in Computer Science","Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-17016-9_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,8]],"date-time":"2023-02-08T09:49:19Z","timestamp":1675849759000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-17016-9_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319170152","9783319170169"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-17016-9_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"28 March 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}